hardwear.io Netherlands 2021 - Hardware Security Conference & Training is seeking innovative research on attacks or mitigation on any hardware. Submit your research paper.

Just to assuage any panic, let me state this up front. If you’re reading this blog post wondering if your Lobste.rs account is at risk, good news: I didn’t publish it until after the vu…

Internet infrastructure company Cloudflare disclosed today that it mitigated the largest volumetric distributed denial of service (DDoS) attack that was recorded to date.

The Latest Facebook tool protects Afghan people who fear becoming Taliban targets. The Facebook toll launched by Facebook will help the people in fear of

It’s important to enable audit logging for o365 even if you are not monitoring them actively. Atleast if you get...

Posted by James Forshaw, Project Zero Recently I've  been delving into the inner workings of the Windows Firewall. This is interesting to ...

Well-known vulnerabilities in `aes-256-cbc` allow attackers to modify encrypted config files without knowing the secret key.

Our case study of elFinder 2.1.57 describes several critical code vulnerabilities commonly found in web file managers and how to patch them.

A deep dive into macOS 11's internals reveals some security surprises that deserve to be more widely known.

Real-time meetings by Google. Using your browser, share your video, desktop, and presentations with teammates and customers.

Last week a friend of mine asked me to debug/RE some phishing emails that had been sent to them. These phishing emails were visually very clever and looked identical to the real site! But as I looked at the javanoscript I frankly became embarassed for the developer.

On April 7 2021, Thijs Alkemade and Daan Keuper demonstrated a zero-click remote code execution exploit in the Zoom video client during Pwn2Own 2021. Now that related bugs have been fixed for all users (see ZDI-21-971 and ZSB-22003) we can safely detail the…

Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking. - GitHub - aktsk/ipa-medit: Memory modification tool for re-signed ipa sup...

PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call. - IlanKalendarov/PyHook

Use smb2 protocol to detect remote computer os version, support win7/server2008-win10/server2019 - w1u0u1/smb2os

TL;DR Find out how a vulnerability discovered in Samsung S10+/S9 kernel allows leaking of sensitive function address information. Vulnerability Summary Samsung S10+/S9 kernel […]

How to orienteer in a cloud environment, dig in to identify the risks that matter, and put together actionable plans that address short, medium, and long term goals.

Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon - optiv/Registry-Recon

How failures related to validating conditions based on URLs can lead to security issues